Technology users’ privacy should take a much more relevant approach for these companies, and Apple’s announcement is proof of that. In order to prevent apps like Facebook Messenger and WhatsApp from accessing the user’s microphone data in the background, the next iOS update will ban these apps and the like from making voice calls over the Internet in the background, report web application security specialists.
It is assumed that these apps can perform calls in the background when they are installed on an iPhone even when the apps are not open. In other words, this allows them to collect data in the background without the user being able to perceive it, all while making a voice call using these apps.
Apple has unveiled its plan to restrict this data collection during calls. Web application security experts believe that, in the first instance, this decision will take effect in both Messenger and WhatsApp, although it is not known whether it will also involve Telegram, Skype and other similar services.
This is not the only security flaw that has been found in WhatsApp applications. A couple of months ago, the developers fixed a massive flaw that exposed more than a billion users to the use of spying software. The investigation concluded that this flaw was present in the application for years without anyone noticing.
Exploiting this vulnerability would have allowed threat actors to inject spyware into any smartphone with WhatsApp via the voice calls feature in the app; while users made their call, hackers installed in the background a malicious application containing the spyware, allegedly designed by Israeli security agency NSO Group.
On the other hand, NSO Group issued a statement saying that the sole purpose of its technological developments is the fight against crime and terrorism.
International Institute of Cyber Security (IICS) web application security specialists say Pegasus, the spyware in question, is the most sophisticated mobile spying tool that exists today and it is in high demand, whether from intelligence agencies or malicious hacker groups.